aboutsummaryrefslogtreecommitdiff
path: root/security/integrity/Kconfig
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2012-01-09 12:16:48 +1100
committerJames Morris <jmorris@namei.org>2012-01-09 12:16:48 +1100
commit8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8 (patch)
treea118eaef15d4ba22247f45ee01537ecc906cd161 /security/integrity/Kconfig
parent805a6af8dba5dfdd35ec35dc52ec0122400b2610 (diff)
parent7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da (diff)
Merge branch 'next' into for-linus
Conflicts: security/integrity/evm/evm_crypto.c Resolved upstream fix vs. next conflict manually. Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/integrity/Kconfig')
-rw-r--r--security/integrity/Kconfig14
1 files changed, 14 insertions, 0 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 4bf00acf793..d384ea92148 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -3,5 +3,19 @@ config INTEGRITY
def_bool y
depends on IMA || EVM
+config INTEGRITY_DIGSIG
+ boolean "Digital signature verification using multiple keyrings"
+ depends on INTEGRITY && KEYS
+ default n
+ select DIGSIG
+ help
+ This option enables digital signature verification support
+ using multiple keyrings. It defines separate keyrings for each
+ of the different use cases - evm, ima, and modules.
+ Different keyrings improves search performance, but also allow
+ to "lock" certain keyring to prevent adding new keys.
+ This is useful for evm and module keyrings, when keys are
+ usually only added from initramfs.
+
source security/integrity/ima/Kconfig
source security/integrity/evm/Kconfig